Get ready to train once again in the noble art of Cyber Kung Fu (gong!). We may have honed you into a lean, mean cyber-security machine, but you should not rest on your laurels. Summer may be upon us, but there is no recess for online gangsters.

To date, in ITP.net’s digital dojo, we have covered DDoS, DNS cache-poisoning, phishing and website security. This month we turn our attention to software, and our guest master will give us some tips on tightening up our practices and making sure that vulnerabilities are plugged.

So assemble on the mats for your next lesson in… Cyber Kung Fu (gong!).

Stuart is a 25-year veteran of the information security industry, as a consumer and a vendor. He managed the networks and security for Digital Equipment across 10 offices in the North UK region before moving to a security consulting role, helping to define security policies, infrastructure and implementations in some of the UK’s largest organisations.

Company Articles

He was technical team leader at Check Point Software technologies for six years and has served in consulting and managerial roles at HP TippingPoint, evangelising intrusion protection, next-generation firewall and anti-malware capabilities. He is currently field product manager for Cisco Security in the EMEA region.

The attack: Software vulnerability exploits

You would have to run an exceptionally tight digital ship to not be at risk from software vulnerabilities. Every device that is capable of running software – PC, smartphone, server and the ballooning roster of equipment joining the Internet of Things – is likely vulnerable from the moment you unpack it. Isolated from the Internet and external media, these holes in operating systems and application software represent no threat to you or your data, but how many of today’s devices are useful in isolation? Once these devices are joined to flash drives, external hard drives or the Internet, you and your data are taking a stroll through seedy backstreets, crawling with opportunists.

But the miscreants who target your digital castle do not attack you at random hoping to land a lucky punch. The blow that floors you is likely to have exploited one of those software holes.